| author | Emil Renner Berthing <esmil@labitat.dk> | 2017-11-19 03:15:26 +0100 | 
|---|---|---|
| committer | Emil Renner Berthing <esmil@labitat.dk> | 2017-11-19 12:46:35 +0100 | 
| commit | 3387c2fdcbe74be6767c5abce5beb9e7df2d3f5b (patch) | |
| tree | 6263912c4754a73d13670605d9168267fa19d007 /roles/space_server/templates | |
| parent | 3b795796bd03488a385f3ad42b10b8c0d61282c1 (diff) | |
| download | labitat-ansible-3387c2fdcbe74be6767c5abce5beb9e7df2d3f5b.tar.gz labitat-ansible-3387c2fdcbe74be6767c5abce5beb9e7df2d3f5b.tar.xz labitat-ansible-3387c2fdcbe74be6767c5abce5beb9e7df2d3f5b.zip | |
space_server: generate DNS, mDNS and dhcp entries
..from the same variables
Diffstat (limited to 'roles/space_server/templates')
| -rw-r--r-- | roles/space_server/templates/avahi/hosts.j2 | 14 | ||||
| -rw-r--r-- | roles/space_server/templates/dhcpd/dhcpd.conf.j2 | 203 | ||||
| -rw-r--r-- | roles/space_server/templates/unbound/unbound.conf.j2 | 126 | 
3 files changed, 343 insertions, 0 deletions
| diff --git a/roles/space_server/templates/avahi/hosts.j2 b/roles/space_server/templates/avahi/hosts.j2
new file mode 100644
index 0000000..f87ad4b
--- /dev/null
+++ b/roles/space_server/templates/avahi/hosts.j2
@@ -0,0 +1,14 @@
+{% for host in local_hosts %}
+{%   if 'mdns' not in host or host.mdns %}
+{%     for ip in host.ips | ipv4 %}
+{%       if loop.index <= 1 %}
+{{ ip }} {{ host.name }}.local
+{%       endif %}
+{%     endfor %}
+{%     for ip in host.ips | ipv6 %}
+{%       if loop.index <= 1 %}
+{{ ip }} {{ host.name }}.local
+{%       endif %}
+{%     endfor %}
+{%   endif %}
+{% endfor %}
diff --git a/roles/space_server/templates/dhcpd/dhcpd.conf.j2 b/roles/space_server/templates/dhcpd/dhcpd.conf.j2
new file mode 100644
index 0000000..1b832e1
--- /dev/null
+++ b/roles/space_server/templates/dhcpd/dhcpd.conf.j2
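Review bot: The `loop.index <= 1` test inside each inner `for` is a roundabout way of taking the first address, and it differs from the `| first` form the dhcpd template in this same commit uses for the same job; each `for`/`if` pair can become `{% set v4 = host.ips | ipv4 %}{% if v4 %}`, `{{ v4 | first }} {{ host.name }}.local`, `{% endif %}` (and likewise with `ipv6`). A header comment would also help, because the opt-out default is not obvious from the loop: `{# every local_hosts entry is announced on mDNS as <name>.local unless it sets mdns: false #}`. Note the address announced is simply the first IPv4/IPv6 in `host.ips`, so an entry whose first address is on the public 185.38.175.0/24 range would be announced with that address on the link — presumably harmless, but worth confirming it is intended.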
@@ -0,0 +1,203 @@
+#
+# DHCP Server Configuration file.
+#   see /usr/share/doc/dhcp/dhcpd.conf.example
+#   see dhcpd.conf(5) man page
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+# option definitions common to all supported networks...
+#option domain-name "labitat.dk";
+default-lease-time 3600;
+max-lease-time 7200;
+min-lease-time 600;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility daemon;
+
+
+# Admin net
+subnet 10.42.0.0 netmask 255.255.255.0 {
+	range 10.42.0.50 10.42.0.69;
+	range 10.42.0.71 10.42.0.250;
+	option routers 10.42.0.1;
+	option domain-name-servers 185.38.175.0;
+	#option ntp-servers 90.185.0.18;
+{% for host in local_hosts %}
+{%   if host.ips | ipaddr('10.42.0.0/24') %}
+{%     if 'mac' in host %}
+
+{%       if 'description' in host %}
+	# {{ host.description }}
+{%       endif %}
+	host {{ host.name }} {
+		hardware ethernet {{ host.mac }};
+		fixed-address {{ host.ips | ipaddr('10.42.0.0/24') | first }};
+{%       if 'filename' in host %}
+		filename "{{ host.filename }}";
+{%       endif %}
+	}
+{%     else %}
+
+{%       if 'description' in host %}
+	# {{ host.description }}
+{%       endif %}
+	#host {{ host.name }} {
+	#	fixed-address {{ host.ips | ipaddr('10.42.0.0/24') | first }};
+	#}
+{%     endif %}
+{%   endif %}
+{% endfor %}
+
+	host spacewand {
+		hardware ethernet 00:1f:7b:b4:0e:00;
+		fixed-address 10.42.0.70;
+	}
+}
+
+
+# Wired net
+subnet 10.42.1.0 netmask 255.255.255.0 {
+	range dynamic-bootp 10.42.1.50 10.42.1.250;
+	option routers 10.42.1.1;
+	
option domain-name-servers 185.38.175.0;
+	#option ntp-servers 90.185.0.18;
+	next-server 10.42.1.1;
+	filename "pxelinux.0";
+{% for host in local_hosts %}
+{%   if host.ips | ipaddr('10.42.1.0/24') %}
+{%     if 'mac' in host %}
+
+{%       if 'description' in host %}
+	# {{ host.description }}
+{%       endif %}
+	host {{ host.name }} {
+		hardware ethernet {{ host.mac }};
+		fixed-address {{ host.ips | ipaddr('10.42.1.0/24') | first }};
+{%       if 'filename' in host %}
+		filename "{{ host.filename }}";
+{%       endif %}
+	}
+{%     else %}
+
+{%       if 'description' in host %}
+	# {{ host.description }}
+{%       endif %}
+	#host {{ host.name }} {
+	#	fixed-address {{ host.ips | ipaddr('10.42.1.0/24') | first }};
+	#}
+{%     endif %}
+{%   endif %}
+{% endfor %}
+}
+
+
+# Private wifi
+subnet 10.42.2.0 netmask 255.255.255.0 {
+	range 10.42.2.50 10.42.2.250;
+	option routers 10.42.2.1;
+	option domain-name-servers 185.38.175.0;
+	#option ntp-servers 90.185.0.18;
+	next-server 10.42.2.1;
+	filename "pxelinux.0";
+{% for host in local_hosts %}
+{%   if host.ips | ipaddr('10.42.2.0/24') %}
+{%     if 'mac' in host %}
+
+{%       if 'description' in host %}
+	# {{ host.description }}
+{%       endif %}
+	host {{ host.name }} {
+		hardware ethernet {{ host.mac }};
+		fixed-address {{ host.ips | ipaddr('10.42.2.0/24') | first }};
+{%       if 'filename' in host %}
+		filename "{{ host.filename }}";
+{%       endif %}
+	}
+{%     else %}
+
+{%       if 'description' in host %}
+	# {{ host.description }}
+{%       endif %}
+	#host {{ host.name }} {
+	#	fixed-address {{ host.ips | ipaddr('10.42.2.0/24') | first }};
+	#}
+{%     endif %}
+{%   endif %}
+{% endfor %}
+}
+
+# Free wifi
+subnet 10.42.3.0 netmask 255.255.255.0 {
+	range 10.42.3.50 10.42.3.250;
+	option routers 10.42.3.1;
+	option domain-name-servers 185.38.175.0;
+	#option ntp-servers 90.185.0.18;
+{% for host in local_hosts %}
+{%   if host.ips | ipaddr('10.42.3.0/24') %}
+{%     if 'mac' in host %}
+
+{%       if 'description' in host %}
+	# {{ host.description }}
+{%       endif %}
+	host {{ host.name }} {
+		hardware ethernet {{ host.mac }};
+		fixed-address {{ host.ips | ipaddr('10.42.3.0/24') | first }};
+{%       if 'filename' in host %}
+		filename "{{ host.filename }}";
+{%       endif %}
+	}
+{%     else %}
+
+{%       if 'description' in host %}
+	# {{ host.description }}
+{%       endif %}
+	#host {{ host.name }} {
+	#	fixed-address {{ host.ips | ipaddr('10.42.3.0/24') | first }};
+	#}
+{%     endif %}
+{%   endif %}
+{% endfor %}
+}
+
+# Password protected wifi
+subnet 10.42.4.0 netmask 255.255.255.0 {
+	range 10.42.4.50 10.42.4.250;
+	option routers 10.42.4.1;
+	option domain-name-servers 185.38.175.0;
+	#option ntp-servers 90.185.0.18;
+{% for host in local_hosts %}
+{%   if host.ips | ipaddr('10.42.4.0/24') %}
+{%     if 'mac' in host %}
+
+{%       if 'description' in host %}
+	# {{ host.description }}
+{%       endif %}
+	host {{ host.name }} {
+		hardware ethernet {{ host.mac }};
+		fixed-address {{ host.ips | ipaddr('10.42.4.0/24') | first }};
+{%       if 'filename' in host %}
+		filename "{{ host.filename }}";
+{%       endif %}
+	}
+{%     else %}
+
+{%       if 'description' in host %}
+	# {{ host.description }}
+{%       endif %}
+	#host {{ host.name }} {
+	#	fixed-address {{ host.ips | ipaddr('10.42.4.0/24') | first }};
+	#}
+{%     endif %}
+{%   endif %}
+{% endfor %}
+}
diff --git a/roles/space_server/templates/unbound/unbound.conf.j2 b/roles/space_server/templates/unbound/unbound.conf.j2
new file mode 100644
index 0000000..d2d3aed
--- /dev/null
+++ b/roles/space_server/templates/unbound/unbound.conf.j2
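Review bot: An entry of `local_hosts` with addresses in more than one of these subnets (a router is the obvious case) produces a `host {{ host.name }}` declaration with the same name and MAC inside every matching subnet block; as far as I recall ISC dhcpd rejects duplicate host names at parse time ("host X: already exists"), and even where it tolerates them the five near-identical copies of the loop are hard to keep in sync. `fixed-address` accepts a list and dhcpd hands out the address that matches the network the client is on, so one global host declaration per entry, emitted once outside the subnet blocks, expresses the same thing — the commented-out `#host` stubs for MAC-less entries can stay where they are. Also worth a comment next to the first `hardware ethernet`: matching on MAC is a convenience, not authentication, so a per-host `filename` must not be relied on to stop a client with a spoofed MAC from PXE-booting another host's image. Sketch of the global block:
```jinja
# … subnet blocks as in the hunk, minus their per-subnet host loops …
{% for host in local_hosts %}
{%   if 'mac' in host and host.ips | ipaddr('10.42.0.0/16') %}

{%     if 'description' in host %}
# {{ host.description }}
{%     endif %}
host {{ host.name }} {
	# MAC match is a convenience, not authentication: MACs are trivially spoofed
	hardware ethernet {{ host.mac }};
	# one address per served subnet; dhcpd picks the one matching the client's network
	fixed-address {{ host.ips | ipaddr('10.42.0.0/16') | join(', ') }};
{%     if 'filename' in host %}
	filename "{{ host.filename }}";
{%     endif %}
}
{%   endif %}
{% endfor %}
```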
@@ -0,0 +1,126 @@
+server:
+	pidfile: "/run/unbound/unbound.pid"
+	verbosity: 1
+	statistics-interval: 0
+	statistics-cumulative: no
+	extended-statistics: yes
+	num-threads: 1
+
+	define-tag: "local"
+
+	interface: 127.0.0.1
+	interface: ::1
+	interface: 185.38.175.0
+	interface: 2a01:4260:1ab::
+
+	outgoing-interface: 185.38.175.0
+	outgoing-interface: 2a01:4260:1ab::
+	outgoing-port-permit: 32768-60999
+	outgoing-port-avoid: 0-32767
+
+	so-reuseport: yes
+	ip-transparent: yes
+	max-udp-size: 3072
+
+	access-control-tag: 127.0.0.1/32 "local"
+	access-control-tag: ::1/128 "local"
+
+	access-control: 185.38.175.0/24 allow
+	access-control: 10.42.0.0/16 allow
+	access-control-tag: 10.42.0.0/24 "local"
+	access-control-tag: 10.42.1.0/24 "local"
+	access-control-tag: 10.42.2.0/24 "local"
+	# not free wifi     10.42.3.0/24
+	access-control-tag: 10.42.4.0/24 "local"
+	access-control-tag: 10.42.5.0/24 "local"
+	access-control: 2a01:4260:1ab::/48 allow
+	access-control-tag: 2a01:4260:1ab:a::/64 "local"
+	access-control-tag: 2a01:4260:1ab:b::/64 "local"
+	access-control-tag: 2a01:4260:1ab:c::/64 "local"
+	# not free wifi     2a01:4260:1ab:d::/64
+	access-control-tag: 2a01:4260:1ab:e::/64 "local"
+	access-control-tag: 2a01:4260:1ab:f::/64 "local"
+
+	chroot: ""
+	username: "unbound"
+	directory: "/etc/unbound"
+
+	use-syslog: yes
+	log-time-ascii: yes
+
+	harden-glue: yes
+	harden-dnssec-stripped: yes
+	harden-below-nxdomain: yes
+	harden-referral-path: yes
+	qname-minimisation: yes
+
+	prefetch: yes
+	prefetch-key: yes
+	rrset-roundrobin: yes
+	minimal-responses: yes
+
+	module-config: "validator iterator"
+
+	trust-anchor-signaling: yes
+
+	trusted-keys-file: /etc/unbound/keys.d/*.key
+	auto-trust-anchor-file: "/var/lib/unbound/root.key"
+
+	val-clean-additional: yes
+	val-permissive-mode: no
+	serve-expired: yes
+	val-log-level: 1
+
+	local-zone: a.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
+	local-data: "a.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. 
IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
+	local-data: "a.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
+
+	local-zone: b.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
+	local-data: "b.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
+	local-data: "b.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
+
+	local-zone: c.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
+	local-data: "c.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
+	local-data: "c.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
+
+	local-zone: d.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
+	local-data: "d.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
+	local-data: "d.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
+
+	local-zone: e.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
+	local-data: "e.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
+	local-data: "e.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
+
+	local-zone: f.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
+	local-data: "f.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
+	local-data: "f.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. IN NS space.labitat.dk."
+
+	local-zone: s. static
+	local-zone-tag: s. "local"
+	local-data: "s.              IN SOA   space.labitat.dk. esmil.labitat.dk. 20171119 3600 1200 604800 10800"
+	local-data: "s.              IN NS    space.labitat.dk."
+	local-data: "s.              IN A     10.42.1.1"
+	local-data: "s.              IN AAAA  2a01:4260:1ab::"
+	local-data: "labitrack.s.    IN A     185.38.175.70"
+	local-data: "labitrack.s.    IN AAAA  2a01:4260:1ab::cafe"
+	local-data: "track.s.        
IN A     185.38.175.70"
+	local-data: "track.s.        IN AAAA  2a01:4260:1ab::cafe"
+{% for host in local_hosts %}
+{%   for ip in host.ips | ipv4 %}
+{%     if loop.index <= 1 %}
+	local-data: "{{ host.name }}.s. IN A {{ ip }}"
+	local-data-ptr: "{{ ip }} {{ host.name }}.s."
+{%     endif %}
+{%   endfor %}
+{%   for ip in host.ips | ipv6 %}
+{%     if loop.index <= 1 %}
+	local-data: "{{ host.name }}.s. IN AAAA {{ ip }}"
+	local-data-ptr: "{{ ip }} {{ host.name }}.s."
+{%     endif %}
+{%   endfor %}
+{% endfor %}
+
+remote-control:
+	control-enable: yes
+	control-use-cert: no
+	control-interface: "/run/unbound/control" | 
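Review bot: The `local-zone-tag: s. "local"` keeps the forward names away from untagged clients, but the PTR records that the `local-data-ptr` lines in the loop create are not under `s.`: the IPv6 ones land in the six `ip6.arpa` zones declared above without any `local-zone-tag`, and the IPv4 ones in unbound's built-in, untagged `10.in-addr.arpa.` zone. So a client on the free-wifi range, or anywhere in `185.38.175.0/24`, can still enumerate `<name>.s.` hostnames by reverse lookup, which the `# not free wifi` exclusions suggest was not intended. I'd give the reverse zones the same tag as the forward one — a `local-zone-tag: … "local"` after each `local-zone: …ip6.arpa. static`, plus an explicit, tagged `42.10.in-addr.arpa.` zone for the IPv4 side — so untagged clients get the built-in NXDOMAIN for `10.42.x` and ordinary recursion for the `2a01:4260:1ab::/48` reverse names instead. Separately, `control-use-cert: no` deserves a comment: it is acceptable only because `control-interface` is a Unix socket, so who may drive unbound-control is decided by the socket's file permissions rather than by TLS client certificates. Sketch of the zone changes:
```jinja
	# … unchanged: validator and hardening settings …
	# reverse zones carry the same tag as s., so untagged clients (free wifi,
	# the public /24) never see the internal <name>.s. names via PTR lookups
	local-zone: 42.10.in-addr.arpa. static
	local-zone-tag: 42.10.in-addr.arpa. "local"
	local-data: "42.10.in-addr.arpa. IN SOA space.labitat.dk. nobody.invalid. 1 3600 1200 604800 10800"
	local-data: "42.10.in-addr.arpa. IN NS space.labitat.dk."

	local-zone: a.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. static
	local-zone-tag: a.0.0.0.b.a.1.0.0.6.2.4.1.0.a.2.ip6.arpa. "local"
	# … unchanged: SOA/NS for a; the same local-zone-tag line added under b–f …
```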
